connecting up the pineapple

[Jason Conley]

After pulling out most of my hair I finally got mine working. I found out that I didn't need tftpd to dish out dhcp addresses because it appears internet connections sharing does this automatically (gives out 192.168.0.x addresses only). Below is how I finally got my pineapple working. Others might have been able to do this differently but this is what worked for me and will hopefully help those that are still having issues.

based on the below link:

http://wiki.hak5.org/wiki/Internet_Connect...mit_Der_Jasager

So here is what I did once I unlocked the fon and got jasager on there:

Basically I am on my Laptop running windows vista (haven't had time to "upgrade" to xp). I am going to connect using my verizon air card or to another wireless access point, share that connection, plug my in my pineapple to my ethernet port and turn on jasager so that other people's laptops will associate with the pineapple. From there all their traffic goes through the pineapple, through my laptop, and out to the internet.

Configuration steps to do this:

1. Connect to the internet:

On your laptop, connect to the internet with your wireless, verizon air card, tethered cell, whatever. Do an Ipconfig /all and note the DNS servers it's using.

2. Share out your internet connection:

Whatever interface the above connection is using you will need to turn on Internet Connection Sharing (ICS). To do this, right click on the connection and choose the sharing tab. Click the box that says allow other network users to connect. Choose the "Local Area Connection" from the drop down list. Then click on the settings button and check everything and click "OK".

3. Configure the ethernet adapter on laptop: (where you will be plugging the pineapple to)

To have an address of 192.168.0.1 for the ip. 255.255.255.0 for subnetmask, leave default gateway blank. Put in the DNS server ip's that you got from step 1. You could put in any dns like 4.2.2.2 and it would work but I don't know if one way would be better than another.

***note IMPORTANT: I found that you have to use 192.168.0.1 and not another subnet like 192.168.1.1 for the fon because ICS has it's own built in DHCP that uses 192.168.0.x network (I think there is a way to change this default but I didn't look into it.) (Also don't use TFTPD like Darren uses in the video because it seems it's not needed - if you were able to get it to work with TFTPD, great, but it didn't work for me)

4: Configure the pineapple:

You need to connect to the fon and on the OpenWRT gui change the fon router to have a DHCP & Bridged connection and put in the ip address 192.168.0.250 (if you don't see a place to put in the ip then change it to static and then change it back to DHCP in the drop down and you will then see the place to put in the ip.) Again this has to have an ip on the 192.168.0.x subnet not 192.168.1.x . If you have trouble connection the to fon the best way to get to the gui interface to plug it into your wireless router where it will give it an ip, then on another computer on your home network go to the ip address it gives it and you will be able to get into it to configure it (might want to check the dhcp table on the router or do nmap to see what ip it gave it) Thankfully this is a one time setup.

5: Now take the pineapple and plug it into your ethernet connection (regular network cable, not crossover). Power on the pineapple and give it a min. or two to fully power on.

6: Test:

On another computer look at wireless networks and you should see the OpenWRT. Connect to OpenWRT. You should be able to access the internet. If you do an ipconfig /all on that computer you should see that it has an ip of 192.168.0.xx with 192.168.0.1 for the Default Gateway, DHCP server, and DNS server. If for some reason you can't access the internet, look over the above steps for

something missed or try doing this:

1.power off pineapple and disconnect from internet

2.connect to the internet again

3.power up the pineapple

4.connect again to OpenWRT with the other computer and check for internet connectivity.

7: At this point you should also be able to connect to the pineapple from your laptop.

192.168.0.250 - for the router interface

192.168.0.250:1471 - to get to the jasager interface. (use firefox because it doesn't work well with ie)

go to 192.168.0.250:1471 and turn on Karma.

Now anybody's laptop will associate with the pineapple.

once you see an ip show up in the connected clients list you can fire up wireshark and see their packets as they surf the net. Also you can do some sidejacking with ferret and hampster as shown in episode 412:

Hope this helps.

By the way if you are connecting to a wireless router for your internet connection and the router has an address of 192.168.0.1 address I think it might not work right b/c it would get confused with your ethernet adapter which also has a 192.168.0.1 address.

[cyoung_mi]

Great Tutorial.

[digininja]

That all seems in order, the only problem you are going to have is the because the Fon isn't giving out the IP address it won't know the IP address of the clients. The is because it gets the IP address from the ARP table and the IP only gets in there if the Fon sends traffic to the client which it won't do if it doesn't do the DHCP.

I can't remember the command to start the dhcp server off hand but I've posted it in other threads if anyone wants it.

[easycheese]

What is the command to start DHCP

[digininja]

This will give you a dhcp server offering IPs from 10.1.1.100 to 10.1.1.200

/usr/sbin/dnsmasq -K -d -F 10.1.1.100,10.1.1.200

[ookjmk]

now wouldnt you want the ip range 192.168.0.1-250 cuz he said thats what it needed to be:

"***note IMPORTANT: I found that you have to use 192.168.0.1 and not another subnet like 192.168.1.1 for the fon because ICS has it's own built in DHCP that uses 192.168.0.x network (I think there is a way to change this default but I didn't look into it.) (Also don't use TFTPD like Darren uses in the video because it seems it's not needed - if you were able to get it to work with TFTPD, great, but it didn't work for me)"

[digininja]

The question from easycheese was "what is the command to start dhcp?" I gave an answer.

I'd also suggest completely disabling the dhcp server on windows, give both the Fon and windows a static ip. If you have 2 dhcp servers on the same network then you cause problems.

And running a dhcp range of .1 to .250 is a bad idea, it only leaves you 4 static IPs to work with which limits what else you can have on the same subnet running on fixed IPs.

[ookjmk]

ok i tried running that script and i couldnt get it to work it kept saying invalid range. i followed the directions i thought but i get target to connect but they dont have internet so somethings wrong they cant get an IP address i'm assuming its because i couldnt get that line of code to work right any ideas on what im doing wrong?

[digininja]

The line I gave is an example of how to start the dhcp server. You need to put in a range that is on the same subnet as your interface, for example if your interface is on 192.168.0.2 then the command could be something like

/usr/sbin/dnsmasq -K -d -F 192.168.0.100,192.168.0.200

[ookjmk]

thanks!

[troy7548]

1.do you use putty to ssh in and enter that code there or where. I have Jaseger and webif working just need to figure out ICS. 2. Also will i have to change the settings around depending on what wifi place I connect to if I am not using a Verizon air card or tethered cell?

[h3%5kr3w]

1. Wow, have not tried it yet because I don't have time atm (exams n whatnot) but that WOULD explain why traffic would not traverse the laptop through ICS.

2. Listen to DigiNinja... Trust me when I say he knows more than his fair share about this, and he had more than just a little hand in the Jasager project :)

[digininja]

2. Listen to DigiNinja... Trust me when I say he knows more than his fair share about this, and he had more than just a little hand in the Jasager project :)

Ye, I built it!

[mianus230]

The final hurdel for using ICS with wireless and TFPD32 in windows. (you should be able to make it work if you do what the first post says, and follow my advice on the ports you should use)

to get this to work you need to do the following.

I've spent all day working on this and this has got it to work.

you must use subnet of 255.255.0.0 and keep address all the ip address low.

1. make the router connected to the internet via wireless how an ip range of 192.168.2.1/254. (make sure you have the ip and dns to automatic) (in vista/win7 disable ipv6, and only mess with the tcp-ip for ipv4)

2. Make the lapton lan ip range 192.168.0.1/254, this way ICS will have the 192.168.1.1/254 range. (make sure to leave the deafault gateway blank and to use 192.168.0.1 for the lan ip, subnet 255.255.255.0. )

3. When all ranges and subnet match, you can log back into the webif.

Tfpd setup

4. I also have tfpd32 running on the laptop connected to the fon and the internet

it has the following settings.

a. server interface is 192.168.2.7 (this will match the ip that your wireless card will give you after you connect and have internet)

b. wins/dns server is set to the deafult gateway for the lan (for the dhcp server, in my case 192.168.0.1)

c. the net mask is set to 255.255.255.0, so it is the subnet mask.

-to get to the jasager interface. (use firefox )

webif=

192.168.0.250

jasager=192.168.0.250:1471

Karma =192.168.0.250:1471 and turn on .

The I think that the reason that Darren setup worked with ICS, while using 192.168.1.250 in the webif/network setup page, instead of what 192.168.0.250 that you have to use if you are going to be connected to a wireless router, not a blackberry connecting, which i think acts like a modem possibly making the 192.168.0.1 ICS limitation in windows not a restriction.

The picture illustrates what the network map looks like on the computer you are connecting to karma with. ie the mark computer that is getting it's internet from the fon router.

leave the default gateway and the dns server blank. That information will be provided by the dhcd server. leave it up to tdtpd, so you can control it.

[shx]

How does that bloody ICS works? When I start it, it sets lan interface to 192.168.137.1. So I changed fon's lan interface to 192.168.137.2. Now my victim laptop connected to fon via wifi gets an IP, can ping my laptop's lan (192.168.137.1) but no further, can't ping e.g. 8.8.8.8. I can't ping it from fon either (from ssh terminal). Where and what should I set as dns.

I've put these two lines in /etc/config/dhcp

list 'dhcp_option' 'lan,3,192.168.137.1'

list 'dhcp_option' 'lan,6,8.8.8.8'

But the victim laptop doesn't get this dns, it has 192.168.137.2, which is fon's lan interface.

Should I set dns to my wan's gateway (which has shared connection) somewhere?

[shx]

Solved it! Sorry guys, should've gone through all other threads before asking anything:) Everything is here, it's just in snippets and one has to put it together for his own setup. Thanks goes to everybody who's contributing!

[Elementix]

Thanks for the tutorial Jason! Works great for me. :)

[Elementix]

Hey, I'm back again. When I last followed your tutorial I was using XP and it worked great. I've since upgraded to Windows 7 and can't seem to get this to work anymore. I'm following the exact same steps and everything seems to be the same for the most part but once I set the fon to dhcp/bridged I can't seem to connect to it at all through wired OR wireless. Can anyone else confirm this tutorial working on Windows 7? Is there something that I'm missing or need to change? Thanks guys.

[Elementix]

Anyone??

[CyberAssassin]

Anyone??

I'm having the same issue with Windows 7, I can't seem to find any solution. Which doesn't really bother me because I never take my laptop to the coffee shop with me. I always take my netbook which runs XP and Backtrack. So I'd say find a computer that has XP or use Backtrack or another Live Distro. Sorry I couldn't be more help.

[gaud]

Great information in this thread!

Thanks.

[dualboot]

o

Edited April 5, 2010 by dualboot

[dualboot]

After pulling out most of my hair I finally got mine working. I found out that I didn't need tftpd to dish out dhcp addresses because it appears internet connections sharing does this automatically (gives out 192.168.0.x addresses only). Below is how I finally got my pineapple working. Others might have been able to do this differently but this is what worked for me and will hopefully help those that are still having issues.

based on the below link:

http://wiki.hak5.org/wiki/Internet_Connect...mit_Der_Jasager

So here is what I did once I unlocked the fon and got jasager on there:

Basically I am on my Laptop running windows vista (haven't had time to "upgrade" to xp). I am going to connect using my verizon air card or to another wireless access point, share that connection, plug my in my pineapple to my ethernet port and turn on jasager so that other people's laptops will associate with the pineapple. From there all their traffic goes through the pineapple, through my laptop, and out to the internet.

Configuration steps to do this:

1. Connect to the internet:

On your laptop, connect to the internet with your wireless, verizon air card, tethered cell, whatever. Do an Ipconfig /all and note the DNS servers it's using.

2. Share out your internet connection:

Whatever interface the above connection is using you will need to turn on Internet Connection Sharing (ICS). To do this, right click on the connection and choose the sharing tab. Click the box that says allow other network users to connect. Choose the "Local Area Connection" from the drop down list. Then click on the settings button and check everything and click "OK".

3. Configure the ethernet adapter on laptop: (where you will be plugging the pineapple to)

To have an address of 192.168.0.1 for the ip. 255.255.255.0 for subnetmask, leave default gateway blank. Put in the DNS server ip's that you got from step 1. You could put in any dns like 4.2.2.2 and it would work but I don't know if one way would be better than another.

***note IMPORTANT: I found that you have to use 192.168.0.1 and not another subnet like 192.168.1.1 for the fon because ICS has it's own built in DHCP that uses 192.168.0.x network (I think there is a way to change this default but I didn't look into it.) (Also don't use TFTPD like Darren uses in the video because it seems it's not needed - if you were able to get it to work with TFTPD, great, but it didn't work for me)

4: Configure the pineapple:

You need to connect to the fon and on the OpenWRT gui change the fon router to have a DHCP & Bridged connection and put in the ip address 192.168.0.250 (if you don't see a place to put in the ip then change it to static and then change it back to DHCP in the drop down and you will then see the place to put in the ip.) Again this has to have an ip on the 192.168.0.x subnet not 192.168.1.x . If you have trouble connection the to fon the best way to get to the gui interface to plug it into your wireless router where it will give it an ip, then on another computer on your home network go to the ip address it gives it and you will be able to get into it to configure it (might want to check the dhcp table on the router or do nmap to see what ip it gave it) Thankfully this is a one time setup.

5: Now take the pineapple and plug it into your ethernet connection (regular network cable, not crossover). Power on the pineapple and give it a min. or two to fully power on.

6: Test:

On another computer look at wireless networks and you should see the OpenWRT. Connect to OpenWRT. You should be able to access the internet. If you do an ipconfig /all on that computer you should see that it has an ip of 192.168.0.xx with 192.168.0.1 for the Default Gateway, DHCP server, and DNS server. If for some reason you can't access the internet, look over the above steps for

something missed or try doing this:

1.power off pineapple and disconnect from internet

2.connect to the internet again

3.power up the pineapple

4.connect again to OpenWRT with the other computer and check for internet connectivity.

7: At this point you should also be able to connect to the pineapple from your laptop.

192.168.0.250 - for the router interface

192.168.0.250:1471 - to get to the jasager interface. (use firefox because it doesn't work well with ie)

go to 192.168.0.250:1471 and turn on Karma.

Now anybody's laptop will associate with the pineapple.

once you see an ip show up in the connected clients list you can fire up wireshark and see their packets as they surf the net. Also you can do some sidejacking with ferret and hampster as shown in episode 412:

Hope this helps.

By the way if you are connecting to a wireless router for your internet connection and the router has an address of 192.168.0.1 address I think it might not work right b/c it would get confused with your ethernet adapter which also has a 192.168.0.1 address.

i have completed all but the last couple of steps, the problem im having is that when i go to the settings of my wireless network card the dhcp and dns options are not available.

[Charles]

What OS are you using? I can change the adapter properties even if it's not connected in XP, Vista and 7.

[dualboot]

What OS are you using? I can change the adapter properties even if it's not connected in XP, Vista and 7.

im using vista, but unlike the tutorial when i go to the ethernet properties settings, the dhcp and dns options are not there. also when i plug in the pineapple it says there is an ip address conflict.

ive followed all the steps in the tutorial, three times. have no idea what im doing wrong.

i can get the webif and karma up, i can connect through the internet, but when i fire up karma im supposed to blacklist my openwrt and it doesnt come up.